Recently, the number of users that use an Android operating system in smart mobile devices (hereinafter, referred to as mobile devices) is increasing continuously, and thus the growth rate of an android market becomes faster. In particular, studies have reported that the growth rate of the Android market is about three times raster than the growth rate of the app Store of Apple Inc.
The rapid growth of the Android market is based on the explosive increase of the number of applications for Android, and thus, the security associated with personal information that are handled by the applications has emerged as an important issue. More specifically, the possibility that the personal information is flowing out through the applications is becoming increasing.
In connection with the issue of the security, the Android operating system allows each application to run through a sandbox independently, but gives execution permission to the application so as to control its access and sharing of device resources. That is, since the application runs in a process that is protected in the sandbox, it is possible to block a direct access from other external system or applications. If an access of the external system or applications to the device resources or the like is required, it is necessary to grant the access by requesting permission through an androidmanifest.xml file of the application that runs on the device.
However, a security problem may occur even in this security mechanism. Specifically, in a case where a developer of the application assigns permission that does not need to run the application, for example, if the permission to get location information of individual applications is declared to an application which is required to access only to the Internet, a user of the application is in risk of leaking personal information helplessly. In addition, as will be described herein below, there may also occur many cases that permission is set to allow a privilege escalation attack by mistake of the application developer.
To solve the above problem, the app store of Apple Inc. performs a formal screening procedure for applications that are uploaded to the app store, thereby preventing the problem in advance. However, for the Android market, the screening procedure is not adopted at present.
Therefore, in order to solve the problem, there is a need to provide an apparatus and method which are capable of analyzing a permission of applications that are uploaded to the Android market to report it to an administrator of the Android market.